Elements and Tags: <Short description of your suggestion> Malware detection notification

codiaks commented 3 months ago

Checks

[X] This is not a duplicate of an existing issue (please have a look through our open issues list to make sure)
[X] I have thoroughly read and understand The Odin Project Contributing Guide
[x] Would you like to work on this issue?

Describe your suggestion

The redirect link was not opening and showed a notification in chrome saying that a malware was detected. Why ??? Now I am afraid to go through any other links and pages by you guys...

Path

Foundations

Lesson Url

https://www.theodinproject.com/lessons/foundations-elements-and-tags

(Optional) Discord Name

No response

(Optional) Additional Comments

No response

CoderModer1 commented 3 months ago

Looks like you didn't pay attention to the foundation lessons:

HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP version, named 0.9.[2] That version was subsequently developed, eventually becoming the public 1.0.[3]

Development of early HTTP Requests for Comments (RFCs) started a few years later in a coordinated effort by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), with work later moving to the IETF.

HTTP/1 was finalized and fully documented (as version 1.0) in 1996.[4] It evolved (as version 1.1) in 1997 and then its specifications were updated in 1999, 2014, and 2022.[5]

Its secure variant named HTTPS is used by more than 85% of websites.[6] HTTP/2, published in 2015, provides a more efficient expression of HTTP's semantics "on the wire". As of January 2024, it is used by 36% of websites[7] and supported by almost all web browsers (over 98% of users).[8] It is also supported by major web servers over Transport Layer Security (TLS) using an Application-Layer Protocol Negotiation (ALPN) extension[9] where TLS 1.2 or newer is required.[10][11]

HTTP/3, the successor to HTTP/2, was published in 2022.[12] As of February 2024, it is now used on 29% of websites[13] and is supported by most web browsers, i.e. (at least partially) supported by 97% of users.[14] HTTP/3 uses QUIC instead of TCP for the underlying transport protocol. Like HTTP/2, it does not obsolesce previous major versions of the protocol. Support for HTTP/3 was added to Cloudflare and Google Chrome first,[15][16] and is also enabled in Firefox.[17] HTTP/3 has lower latency for real-world web pages, if enabled on the server, and loads faster than with HTTP/2, in some cases over three times faster than HTTP/1.1 (which is still commonly only enabled).[18]

The reason why a browser may be giving a warning is that its using http instead of https i.e its not encrypted therefore its considered not secure, I hope you find peace in your life.

PS: Don't show off with issues, go suck some tits.

ghost commented 3 months ago

@CoderModer1 Did you just create your account to be offensive and try to humilliate this person? People from all different backgrounds follow the curriculum and them being afraid of a warning from their browser is a valid concern. Just copy-pasting something and then treating them poorly does not help them or anyone at all.

MaoShizhong commented 3 months ago

@CoderModer1, that is absolutely not an appropriate response to someone raising a genuine concern. We have our community rules and expectations which also apply to GitHub. The way you have responded is straight up rude and not helpful at all.

@codiaks Please ignore the way you were responded to in the above message. What you raised is a perfectly valid concern, especially if you're not aware of the cause.

The reason you got a security notification was because the website uses http instead of https, where http is not secure, and some browsers/settings will give a strong warning against http sites due to the lack of security.

While most sites will auto-redirect you to the https version if the link only has http in it, this website doesn't seem to have an https version. I can assure you that there is no malware in that site, and that the notification you got was just your browser being extra cautious (which is of course a good thing).

What we should do is find an alternative resource that provides the same points, but is accessible via https, then replace the current link with the new one. If you can find an appropriate replacement resource, then I can assign this issue to you :)

codiaks commented 3 months ago

@MaoShizhong, The issue I faced was not only an HTTP not-secure warning but also for a moment a notification was shown saying malware was detected.

I searched online to see if there were any reported issues with the Odin Project, but I couldn't find anything. I then tried using the contact button on the Odin website, but it redirected me to GitHub. I searched for any reported issues on GitHub but didn't find any. Ultimately, I decided to create a new issue. In hindsight, I realize I should have asked for help on Discord instead. That's the story of what happened. I tested the link on a mobile device and didn't encounter any issues.

After reviewing the content again, I believe the current link is quite good and people may continue to find it useful. Therefore, I suggest not replacing it at the moment. However, if more people report issues with the link, we can consider replacing it with something else. This is my perspective on the matter. If you still believe it should be replaced, I can look for an alternative resource.

MaoShizhong commented 3 months ago

@codiaks the malware warning you would've gotten in this case likely would've been your browser being over-protective.

We should still replace the link with a similar resource that can be accessed via HTTPS. Most sites will auto-redirect to the HTTPS version when you hse the HTTP link, but this resource doesn't for some reason, only having an HTTP version. Therefore, we should find an HTTPS replacement for it.

MaoShizhong commented 2 months ago

We can just replace the href for that link with the link to the video itself (which uses HTTPS) instead of the page that houses the video, since the page doesn't really include much necessary stuff outside of the video.

The direct URL for the video is https://player.vimeo.com/video/24549728

@codiaks would you be happy to replace that link's href with the above vimeo URL instead? If so, I can assign this issue to you, then you can open a PR once assigned. If not, let me know so I can open this issue up for assignment.

MaoShizhong commented 1 month ago

Opening this up for contribution.

Acceptance criteria

[ ] The href for the link in Additional resources is replaced with https://player.vimeo.com/video/24549728. No other wording needs changing.

Please comment below if you'd like to be assigned to this issue. Please do not open a PR unless you have been assigned by a maintainer.

ItsTosh commented 1 month ago

Hey 👋 I’d be happy to contribute

MaoShizhong commented 1 month ago

All yours

ItsTosh commented 1 month ago

Sorry it took long, been busy all day!

TheOdinProject / curriculum